The essence of electronic commerce is the exchange of information. The most common form of electronic commerce entails the purchase of products over the Internet using a credit card. Information necessary to consummate a credit card transaction includes the data subject's name, address, credit card information, and the amount to be charged. While the term “electronic commerce” is generally associated with the purchase of goods and services over the Internet, the term encompasses other transactions as well. For example, applications for insurance, college admissions, and loans are transactions that are not purchase transactions. Hence the term transaction is generally used herein to describe all manner of interactions over a network of the type noted above. The common element to all transactions is the transfer of data from one party to another.
A person who wants to send personal data (the “data subject”) can either type in the required information each time a transaction is consummated or store the data for retrieval. Typing in data is not only inefficient and prone to errors, but discourages Internet commerce. Using a local software solution is generally considered undesirable, as most such software programs are proprietary to a particular payment system, require the data subject to become skilled in the operation of the program, and are perceived as slow or unwieldy.
Repositories of data subject information exist in the “brick and mortar” world as well as the virtual world of the Internet. Associations like AARP and AAA have large membership databases. Some merchant sites on the web require data subjects to “register” with the merchant. These collections of data subject data have value outside their original purpose of facilitating purchasing. For example, a merchant may provide a registered data subject with certain member benefits. The holder of this data subject data may also exploit this information selling it to third parties for marketing purposes.
While databases of data subject information are inherently valuable, it is not easy for a controller of one of these databases to provide a data subject access to his or her data in a way that facilitates Internet commerce. Even if a data controller could make data subject information available to a data subject, the data controller would have to deal with the costs associated with providing the means of capturing the data subject data needed for a particular transaction and associated with protecting the data. Finally, if a data controller managed to make its data usable for commerce, it might prove difficult to leverage that data by making it available to others authorized by the controller to receive it.
Therefore, a need exists for a system that allows a controller of data subject information (the “data controller”) to collect and securely store information from data subjects and to make data subject information available to the data subject to send selected information to the controller or to an authorized data recipient which could for the purposes of the application be a merchant, a college in case of application information, and other situations where information must be repetitively provided to a plurality of recipients. over the Internet in a manner that offers security and allows access from any computer. A system to provide this for merchants is disclosed in copending application Ser. No. 09/167,873, filed Oct. 7, 1998, incorporated herein by reference in its entirety. The present invention expands upon this system to data controllers and authorized data recipients.